Mercurial > repos > shellac > guppy_basecaller
comparison env/lib/python3.7/site-packages/boto/https_connection.py @ 2:6af9afd405e9 draft
"planemo upload commit 0a63dd5f4d38a1f6944587f52a8cd79874177fc1"
| author | shellac |
|---|---|
| date | Thu, 14 May 2020 14:56:58 -0400 |
| parents | 26e78fe6e8c4 |
| children |
comparison
equal
deleted
inserted
replaced
| 1:75ca89e9b81c | 2:6af9afd405e9 |
|---|---|
| 1 # Copyright 2007,2011 Google Inc. | |
| 2 # | |
| 3 # Licensed under the Apache License, Version 2.0 (the "License"); | |
| 4 # you may not use this file except in compliance with the License. | |
| 5 # You may obtain a copy of the License at | |
| 6 # | |
| 7 # http://www.apache.org/licenses/LICENSE-2.0 | |
| 8 # | |
| 9 # Unless required by applicable law or agreed to in writing, software | |
| 10 # distributed under the License is distributed on an "AS IS" BASIS, | |
| 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 12 # See the License for the specific language governing permissions and | |
| 13 # limitations under the License. | |
| 14 # | |
| 15 | |
| 16 # This file is derived from | |
| 17 # http://googleappengine.googlecode.com/svn-history/r136/trunk/python/google/appengine/tools/https_wrapper.py | |
| 18 | |
| 19 | |
| 20 """Extensions to allow HTTPS requests with SSL certificate validation.""" | |
| 21 | |
| 22 import re | |
| 23 import socket | |
| 24 import ssl | |
| 25 | |
| 26 import boto | |
| 27 | |
| 28 from boto.compat import six, http_client | |
| 29 | |
| 30 | |
| 31 class InvalidCertificateException(http_client.HTTPException): | |
| 32 """Raised when a certificate is provided with an invalid hostname.""" | |
| 33 | |
| 34 def __init__(self, host, cert, reason): | |
| 35 """Constructor. | |
| 36 | |
| 37 Args: | |
| 38 host: The hostname the connection was made to. | |
| 39 cert: The SSL certificate (as a dictionary) the host returned. | |
| 40 """ | |
| 41 http_client.HTTPException.__init__(self) | |
| 42 self.host = host | |
| 43 self.cert = cert | |
| 44 self.reason = reason | |
| 45 | |
| 46 def __str__(self): | |
| 47 return ('Host %s returned an invalid certificate (%s): %s' % | |
| 48 (self.host, self.reason, self.cert)) | |
| 49 | |
| 50 | |
| 51 def GetValidHostsForCert(cert): | |
| 52 """Returns a list of valid host globs for an SSL certificate. | |
| 53 | |
| 54 Args: | |
| 55 cert: A dictionary representing an SSL certificate. | |
| 56 Returns: | |
| 57 list: A list of valid host globs. | |
| 58 """ | |
| 59 if 'subjectAltName' in cert: | |
| 60 return [x[1] for x in cert['subjectAltName'] if x[0].lower() == 'dns'] | |
| 61 else: | |
| 62 return [x[0][1] for x in cert['subject'] | |
| 63 if x[0][0].lower() == 'commonname'] | |
| 64 | |
| 65 | |
| 66 def ValidateCertificateHostname(cert, hostname): | |
| 67 """Validates that a given hostname is valid for an SSL certificate. | |
| 68 | |
| 69 Args: | |
| 70 cert: A dictionary representing an SSL certificate. | |
| 71 hostname: The hostname to test. | |
| 72 Returns: | |
| 73 bool: Whether or not the hostname is valid for this certificate. | |
| 74 """ | |
| 75 hosts = GetValidHostsForCert(cert) | |
| 76 boto.log.debug( | |
| 77 "validating server certificate: hostname=%s, certificate hosts=%s", | |
| 78 hostname, hosts) | |
| 79 for host in hosts: | |
| 80 host_re = host.replace('.', '\.').replace('*', '[^.]*') | |
| 81 if re.search('^%s$' % (host_re,), hostname, re.I): | |
| 82 return True | |
| 83 return False | |
| 84 | |
| 85 | |
| 86 class CertValidatingHTTPSConnection(http_client.HTTPConnection): | |
| 87 """An HTTPConnection that connects over SSL and validates certificates.""" | |
| 88 | |
| 89 default_port = http_client.HTTPS_PORT | |
| 90 | |
| 91 def __init__(self, host, port=default_port, key_file=None, cert_file=None, | |
| 92 ca_certs=None, strict=None, **kwargs): | |
| 93 """Constructor. | |
| 94 | |
| 95 Args: | |
| 96 host: The hostname. Can be in 'host:port' form. | |
| 97 port: The port. Defaults to 443. | |
| 98 key_file: A file containing the client's private key | |
| 99 cert_file: A file containing the client's certificates | |
| 100 ca_certs: A file contianing a set of concatenated certificate authority | |
| 101 certs for validating the server against. | |
| 102 strict: When true, causes BadStatusLine to be raised if the status line | |
| 103 can't be parsed as a valid HTTP/1.0 or 1.1 status line. | |
| 104 """ | |
| 105 if six.PY2: | |
| 106 # Python 3.2 and newer have deprecated and removed the strict | |
| 107 # parameter. Since the params are supported as keyword arguments | |
| 108 # we conditionally add it here. | |
| 109 kwargs['strict'] = strict | |
| 110 | |
| 111 http_client.HTTPConnection.__init__(self, host=host, port=port, **kwargs) | |
| 112 self.key_file = key_file | |
| 113 self.cert_file = cert_file | |
| 114 self.ca_certs = ca_certs | |
| 115 | |
| 116 def connect(self): | |
| 117 "Connect to a host on a given (SSL) port." | |
| 118 if hasattr(self, "timeout"): | |
| 119 sock = socket.create_connection((self.host, self.port), self.timeout) | |
| 120 else: | |
| 121 sock = socket.create_connection((self.host, self.port)) | |
| 122 msg = "wrapping ssl socket; " | |
| 123 if self.ca_certs: | |
| 124 msg += "CA certificate file=%s" % self.ca_certs | |
| 125 else: | |
| 126 msg += "using system provided SSL certs" | |
| 127 boto.log.debug(msg) | |
| 128 self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, | |
| 129 certfile=self.cert_file, | |
| 130 cert_reqs=ssl.CERT_REQUIRED, | |
| 131 ca_certs=self.ca_certs) | |
| 132 cert = self.sock.getpeercert() | |
| 133 hostname = self.host.split(':', 0)[0] | |
| 134 if not ValidateCertificateHostname(cert, hostname): | |
| 135 raise InvalidCertificateException(hostname, | |
| 136 cert, | |
| 137 'remote hostname "%s" does not match ' | |
| 138 'certificate' % hostname) |